All Pages Tagged: ‘bluetooth 4.0’

Secure smart lighting: CSRmesh™ leading the way for secure home automation

Many readers may have come across this story regarding a brand of connected LED light bulbs which can be hacked to change the lighting, and worse, to reveal the homeowner’s Wi-Fi® Internet password. It’s a serious issue, and it has illuminated (pardon the pun) that security needs to be considered in depth when Internet of Things (IoT) devices are being developed.

On this note, I thought it would be worth allaying any fears that CSRmesh™, our game-changing protocol which allows for Bluetooth® Smart mesh networks, could be subject to similar breaches. We have considered security at every stage of the design and as such, it primarily prevents against eavesdroppers, man-in-the-middle attacks and replay attacks, and is considered highly robust.

To illustrate this, let’s consider how you add a new device into a CSRmesh network. The network is secured using an encrypted network key. This is derived from a password or phrase that the user is asked to input when they first download the app onto their smartphone. To make the process of adding devices into the CSRmesh network easier, it is possible to publish a ShortText code, barcode, or QR code with the device. This code may contain the device address (128-bit UUID), the 64-bit authentication code, and other short information that may be relevant. This is particularly useful for deployment of larger networks.

During device association, the smartphone app will exchange keys with the advertising device and an encrypted network key will be provided to the device upon completion of the association process

During device association, the smartphone app will exchange keys with the advertising device and an encrypted network key will be provided to the device upon completion of the association process

Eavesdropping

The next phase is about trusting the new device. Once each device has its peer’s public key, then they can start to generate a secret authorisation value using a complex algorithmic process. To test this authorisation value, both the configuring and new devices share a public key and then challenge the peer device’s knowledge of this authorisation value such that they can be assured that not only has the public key been distributed correctly, but that the peer device knows the authorisation value.

Once they have authenticated each other, only then will they distribute the network key, using AES-128 encryption. This mea

ns that nobody else can eavesdrop on this communication to determine the network key. All future messages sent over the network will be encrypted using the network key and only trusted members of the mesh network will know that key and be able to decrypt these messages. Messages containing a different structure or network key, such as those from neighbouring networks, cannot be decoded and are simply ignored and dropped. It is therefore not possible to control or listen-in to a neighbouring network, nor to derive the network key from it.

Man-in-the-Middle Attacks

An optional authentication procedure can be employed using the private key to verify the validity of new devices before adding them to the network. A QR code or similar, containing this authentication code or private key, can be used for out-of-band authentication of devices appearing on the network and requesting access or association to the network. The smartphone, or associating device can scan the QR code from the device’s original packaging and thus securely obtain the authentication code “out-of-band”. When this device later appears on the network requesting association to the network and therefore requesting the network key, it can be challenged to also provide this out-of-band information or private key. This is then compared with what the associating device already gleaned from the QR code. If the two match, then the device is authenticated and the network key is encrypted and securely passed to the device being associated.

This authentication process therefore prevents an unknown device from accidentally or intentionally gaining access  to the network, a process known as a “man-in-the-middle” attack.

The relaying of messages through the mesh network is also securely managed. To accomplish this, each device that relays messages must also know the encrypted network key. Only messages that can be authenticated against a known network key are relayed. This allows devices that are near other mesh networks, for example a device near to a neighbour’s property, to only relay messages for known networks and not for any foreign network messages.

csrmeshloopReplay Attacks

There is always the potential for someone to steal the network key from a trusted network device, either by recording the encrypted information it is sending over the airwaves and playing it back at a later time, or by physically removing a device and reading its non-volatile memory. For this reason we prevent against ‘replay attacks’, someone trying to mimic a good network device message at a later time to try to gain access. A sequence number identifier is incremented and transmitted with each mesh message. If messages are replayed out of sequence then they are simply dropped and ignored. The network key data is not stored in a logical location in non-volatile memory, but is distributed across the memory hash table, making it very difficult to locate and identify. We would also recommend that any external trusted network devices use a separate network key that does not, for example, provide access to buildings or other secure areas.

The current release of CSRmesh for lighting supports only one network key per device, but a future version will support multiple network keys. This facilitates a ‘class of service’ structure for sub-networks within a building e.g. hotels which may require the enabling of different security zones.

 

Within the CSRmesh protocol there are also other security and control features such as:

  • Time-to-Live (TTL) counter: which determines how many hops or relays a message is allowed to make within the mesh network. The TTL is decremented every time a message is relayed. When it reaches zero, the message can no longer be relayed. This limits the size of a network and sets a boundary
  • TID message identifier: each message carries a unique TID. Devices receiving a new message compare its TID with the last few previously heard messages’ TIDs. If they are the same, that message is dropped,  meaning that messages that have already been heard before are not repeated again. This limits the proliferation of messages and prevents echoes and infinite loops in the network
  • A Seq sequence number: this maintains the location of messages within network and time. If messages appear out of sequence they are ignored, preventing record and replay attacks upon the network

 

As you can see, security is not something that is simple. Nor is it something that should be an afterthought in terms of design. It must be integral to the design of both the architecture and implementation of a networking solution. CSRmesh has been designed from the ground up to be as difficult as possible to be compromised, but it still includes the flexibility to increase the level of security over time as security algorithms improve.

Read more about the new CSRmesh protocol here. For a full list of features and information about ordering a CSRmesh Development Kit, click here.

If you have any security-related questions please post them below or on our support forum and we’ll get back to you.

 

Posted in Bluetooth Smart, Connectivity, Technology | Tagged , , , , , , , , , , , , , , , , | Leave a comment

Need help developing your IoT prototype with CSRmesh™?

Earlier this month we launched the CSRmesh™ Development Kit to offer developers the opportunity to get hands on with the CSRmesh  Bluetooth® Smart protocol. Designed to accelerate prototype development of new low power connected Internet of Things (IoT) products, the kit includes development boards, a USB programmer and access to the development platform (SDK) which guides you through to example IoT applications. Kits are available from CSR distributors and are initially offered with software supporting networked lighting applications, with updates for home automation and other IoT applications based on CSRmesh due later in the year.

In this introductory video, CSR senior applications engineer Alan Hay takes you through a step-by-step guide on getting started with the kit, explaining what’s included and how to download the necessary software. Check the below video to watch and get unboxing!

If you want to find out more about CSRmesh visit http://csr.com/products/technology/csrmesh or for a more in-depth explanation our latest webinar ‘An Introduction to CSRmesh’ is also now available on demand.  Our forum and wiki are also great resources if you are developing with CSRmesh.

Posted in Bluetooth Smart, Connectivity, Corporate, Technology | Tagged , , , , , , , , , , , , , , | 2 Comments

Qardio makes health monitoring easy with CSR1010™ Bluetooth® Smart

With connected medical devices one of the most exciting aspects of the growing Internet of Things, we caught up with Qardio, a company in the business of making smart wearable heart health monitors. Rosario Iannella, Chief Technology Officer at Qardio, discusses the benefits CSR’s Bluetooth® Smart technology brings to the company’s latest device, the QardioArm, and his thoughts for how the smart medical devices market will evolve.

CSR: You recently launched the QardioArm blood pressure monitor, which uses the CSR1010™. What’s exciting about the device?

Qardio: QardioArm is a blood pressure monitor with a revolutionary design and effortless user experience that conveniently fits the modern lifestyle. The idea behind the product was to create a medical device that looks like an everyday object and is simple and convenient to have around at all times for daily measurements.

"We looked at different parameters like throughput, power consumption, module design and the completeness of the Bluetooth stack feature set. CSR performed better on every one of these points." - Rosario Iannella, CTO, Qardio

“We looked at different parameters like throughput, power consumption, module design and the completeness of the Bluetooth stack feature set. CSR performed better on every one of these points.” – Rosario Iannella, CTO, Qardio

CSR: When developing the QardioArm what were the top five things you wanted to achieve? 

Qardio: We wanted QardioArm to be easy to use, comfortable, clinically validated with safe data transfer and to have a long battery life. All of this has been possible with the use of CSR’s Bluetooth Smart technology.

The ability to control the device pairing experience directly from the smartphone application has ensured the device is incredibly simple to use from the very first time. A simple tap between the QardioArm and the phone and the user is ready to start using the product.

We wanted the device to be comfortable and the combination of the wireless technology with the compact design created a blood pressure device that is simple and convenient to have around at all times for daily measurements.

The low power consumption offered by CSR’s Bluetooth Smart technology means users don’t have to continually charge their device. And the small form factor of the chip has helped us deliver a compact design.

Users want to feel confident that data is accurate and safely stored. The encryption mechanism embedded in Bluetooth Smart technology has been crucial in helping us achieve that.

CSR: Why did you choose to work with CSR?

Qardio: We looked at different parameters like throughput, power consumption, module design and the completeness of the Bluetooth stack feature set. CSR performed better on every one of these points.

CSR: How do you think the personal medical market will evolve in the next five years?

Qardio: The market has seen an explosion of self-quantified applications in the last few years. Now with medical devices coming to the market with a consumer-focused design we will start collecting an unprecedented amount of clinical data that will help improve patient care. We will see companies creating predictive algorithms giving people the ability to truly achieve preventive care, lowering the unsustainable current trend of increasing healthcare costs.

 

The QardioArm records blood pressure readings and uploads them to the cloud, which can then be accessed via an iOS app

The QardioArm records blood pressure readings and uploads them to the cloud, which can then be accessed via an iOS app

CSR1010 is part of the proven CSR µEnergy® line up of products – click here for more details.If you’re looking to develop a Bluetooth Smart device and have any questions please get in touch.

Posted in Applications and Markets, Bluetooth Smart, Connectivity, Corporate, Health, Technology, Wearables | Tagged , , , , , , , , , | Leave a comment

Looking to develop a new smart home device for the Internet of Things? Join our CSRmesh™ webinar

Are you a developer looking to create a new Bluetooth® Smart home device? Do you want to ensure consumers can control a number of your devices directly from the smartphones and tablets they already own, without any complicated set up? Then you’ll want to join our upcoming webinar on CSRmesh™.

CSRmesh allows for an almost unlimited number of Bluetooth® Smart enabled devices to be simply networked together and controlled directly from a single smartphone, tablet or PC for the first time. It also allows developers to build intelligence into the network so devices can communicate with each other directly. The solution combines a configuration and control protocol with CSR’s Bluetooth Smart devices, including CSR101x™ and CSR8811™.CSRmesh Development Kit

CSRmesh has initially been developed to support wireless lighting control, but the protocol supports models for additional applications. Home automation models enabling heating and ventilation control, security and sensing will be rolled out shortly.

The CSRmesh development kit which is available from your local CSR distributor provides three development boards and a full SDK to enable you to develop a wireless lighting product and evaluate CSRmesh technology.

The webinar, which takes place on August 5th, will provide:

  • An overview of CSRmesh: background, key features and use cases
  • How to set up CSRmesh: installation, configuration, technical design and models
  • Live Q&A: put your questions to Alan Hay, Senior Applications Engineer and Dmitry Shipilov, Staff Applications Engineer at CSR

Presenter: Alan Hay, Applications Engineer, CSR

Register Now: Join us on Aug 5th at 9.00am or 5.00pm

In the meantime if you’re interested in finding out more about CSRmesh visit http://csr.com/products/technology/csrmesh.

And if you’re unable to join the webinar please get in touch with bluetoothsmart@csr.com with any questions or check out our Forumand Wiki.

Posted in Applications and Markets, Bluetooth Smart, Connectivity, Corporate, Technology | Tagged , , , , , , , , , , , , | Leave a comment

CSRmesh™ – A key component to the Internet of Things and the world’s most exciting technology, says The Times Raconteur special report

CSR was featured this week in the ‘Internet of Things’ special report, published by the prestigious Raconteur and distributed in The Times. It contains an interesting series of articles looking at how everything is getting plugged into the internet and how through machine-to-machine communications, it is making a sizeable impact on how we live. It’s worth a read, but definitely check out pages 8-9, where CSRmesh is not only mentioned as one of the ten applications making the IoT the world’s most exciting technology, but also because it features a great infographic exploring the segmentation of the IoT market.

“Devices in close proximity relay messages to each other to form a local network. For example, Cambridge Silicon Radio’s CSRmesh uses the Bluetooth radio signal found on every smartphone. The consumer connects to a Bluetooth-smart IoT device, which then sends that message to affiliated devices in a giant chain or mesh. Bluetooth can stretch 30 metres, but via a mesh, a message can leapfrog devices to cover much larger distances.”

Read more about the new CSRmesh protocol here. For a full list of features and information about ordering a CSRmesh Development Kit, click here.

As originally seen in ‘Internet of Things’ published by Raconteur Media on 17/07/14 in The Times

As originally seen in ‘Internet of Things’ published by Raconteur Media on 17/07/14 in The Times

Posted in Applications and Markets, Bluetooth Smart, Corporate, Technology | Tagged , , , , , , , , , | Leave a comment

Sky News reports on CSRmesh™ and Bluetooth® powering the Internet of Things

CSR recently met with the SWIPE tech team from Sky News to talk about how Bluetooth® is changing the way we interact with the world. Reporting from the Future is Smart exhibition organised by the Bluetooth Special Interest Group, the report focuses on CSRmesh™ having a key role in the future of wireless technology:

“Bluetooth isn’t just about mobile headsets anymore, a new generation of wireless technology is ready to transform homes, exercise, medicine and even farming. It’s because Bluetooth 4.0 lets devices talk to each other using very little power, like these light bulbs from Cambridge-based company CSR. One app can control tens of thousands of [light bulbs] at once, right down to changing the colour of each individual bulb. And the technology has even greater potential.”

You can see the full episode here (link expires 17.07.14).

rickSwipe

Read more about the new CSRmesh protocol here. For a full list of features and information about ordering a CSRmesh Development Kit, click here.

Posted in Applications and Markets, Bluetooth Smart, Connectivity, Corporate, Technology | Tagged , , , , , , | Leave a comment

CSR at Telematics Detroit 2014 – Bluetooth Smart opening doors

It was clear from last year’s Telematics events that there is a strong appetite among tier 1s and OEMs for integrating more Bluetooth® Smart connectivity applications.

Later in 2014, the first volumes of Tyre Pressure Monitoring Systems (TPMS) based on CSR’s Bluetooth Smart technology will be hitting the aftermarket space. It’s just one example of a multitude of opportunities to exploit Bluetooth Smart in-vehicle. From keyless entry systems replacing proprietary lock and unlock technologies to smartphone apps saving drivers preferred settings and displaying diagnostic information, controlling your vehicle directly from your smartphone as opposed to via the car’s telematics control unit is certainly an attractive proposition for consumers and businesses alike. Imagine car rental businesses such as Hertz and Avis providing apps that configure the rental car according to your preferences when you enter the vehicle.

While certainly convenient, this is not the primary reason for car makers to choose Bluetooth Smart. It comes down to economics. Bluetooth Smart reduces the need for as much wiring and cabling in the car, and wire replacement applications can substantially reduce the weight (up to several kilos) and complexity of establishing communication networks in the car. Ultimately it offers the opportunity to consolidate systems. TPMS and keyless systems using Bluetooth Smart can communicate directly to the dual-mode head unit device, thereby eliminating the need for dedicated TPMS and keyless receivers.

In addition, since Bluetooth Smart is a globally licensed ISM band technology, using it reduces costs associated with geographical skews that the varying frequencies of TPMS and keyless systems currently produce.

Dual-mode Bluetooth Smart chips have been shipping into the automotive market since 2011 and are already embedded in head units, ready to communicate with the Bluetooth Smart chips in steering wheel switches, TPMS sensors, key fobs, remote controls etc. We expect the global Bluetooth Smart attach rate to significantly increase over the coming years. With the CSR1010™ auto, as well as the CSRC9300™ audio-centric Bluetooth Smart/Wi-Fi® combo chip (now in mass production) and the CSR8350™, CSR is primed to meet suppliers’ Bluetooth Smart requirements.

Our recently launched CSRmesh™ solution, which is a protocol that enables ad-hoc over multiple Bluetooth Smart nodes, can also be wielded to significantly enhance many non-safety critical functions in the car. For example, a high rise parking lot with sensors throughout would be able to tell an incoming driver where exactly in the lot free spaces are, using CSRmesh to communicate with the sensors throughout the lot to locate that free space.

CSR will be demoing its Bluetooth Smart solutions at Telematics Detroit 2014 – feel free to visit CSR at booth 77.

Posted in Applications and Markets, Automotive Infotainment, Bluetooth Smart, Connectivity, Corporate, Technology | Tagged , , , , , , | Leave a comment

CSR at CES 2014 – Paul Williamson on Bluetooth Smart

Bluetooth® certainly has a strong presence at International CES 2014, featuring prominently in everything from wireless headsets to automotive infotainment systems. The future, however, is in Bluetooth Smart. Take a look at the video below, where Paul Williamson, CSR’s Director of Low Power Wireless, explains the importance of and wide range of applications for Bluetooth Smart. You’ll also hear Paul talk about how Bluetooth Smart is completely changing the product development paradigm companies have been working within for so long.

 

Posted in Applications and Markets, Bluetooth Smart, Connectivity, Corporate, Technology | Tagged , , , , , , | Leave a comment

Bluetooth Smart takes to the stage at the Edinburgh Festival Fringe

Don’t panic! We haven’t packed our day jobs in for a life of stand-up comedy just yet!

Juliette Burton used a CSR1011 Bluetooth Smart enabled presenter to ensure her show ran smoothly

Juliette Burton used a CSR1011 Bluetooth Smart enabled presenter to ensure her show ran smoothly

Instead we were able to use CSR’s Bluetooth Smart platforms to help the comedian Juliette Burton with her debut solo comedy show at the Edinburgh Fringe 2013. Here at CSR we’re always keen to see new and innovative use cases for Bluetooth Smart Technology, from our Ultra-Thin Keyboard technology demonstrator to the latest Bluetooth Smart health monitoring products from Qardio, and working with Juliette has given us the opportunity to take Bluetooth Smart to the stage.

The content (and successful performance) of Juliette’s one woman show depended on the precise timing of multimedia cues throughout. Having encountered range, performance and battery life issues with existing off-the-shelf presenter remotes, Juliette needed a dependable cueing solution that would deliver the performance and range necessary to allow her to move around the stage freely without the risk of connection loss or late cues.

CSR provided Juliette with our Bluetooth Smart enabled presenter for use in her show, giving her peace of mind and confidence that her all-important cues would be delivered on time no matter where she was on stage.  Taking advantage of the reliability and low power consumption inherent in the CSR µEnergy® product lineup, the CSR Presenter comprises a CSR1011 with a small form factor, eight-element keyscan matrix. The software is derived from the Bluetooth Smart keyboard application in CSR µEnergy SDK, and the button functions were customized to meet Juliette’s specific needs.

Bluetooth smart remote control development kit

Bluetooth Smart remote control development kit

If you’re interested in developing Bluetooth Smart Remote Controls check out the CSR µEnergy Remote Control Development Kit which provides a full system solution based upon CSR1011 with advanced features such as gesture recognition, voice control and low power consumption.

Posted in Applications and Markets, Bluetooth Smart, Connectivity, Technology | Tagged , , , , , , , | Leave a comment

First Bluetooth low energy profiles published

Bluetooth low energy Heart Rate Monitor Profile has been adopted by the Bluetooth SIG, along with health thermometer this marks the first profiles to be adopted for the Bluetooth 4.0 specification.

It has been a long time coming with the core Bluetooth 4.0 specification adopted in July 2010 , but it is clear that this is the start of the process of a large number of profile releases.
Continue reading “First Bluetooth low energy profiles published” »

Posted in Connectivity, Technology | Tagged , , , , , , , , | Leave a comment